CVE-2022-3949
Severity: LOW
Simple Cashiering System - Cross-Site Scripting via User Account Handler Fullname Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-3949. PoCs published by maikroservice.
AI-analyzed exploit summary: This repository provides a detailed technical writeup on CVE-2022-3949, a stored XSS vulnerability in Simple Cashiering System. It includes reproduction steps, screenshots, and explains the impact of session hijacking due to missing HttpOnly cookie flags.
Description
A vulnerability, which was classified as problematic, has been found in Sourcecodester Simple Cashiering System. This issue affects some unknown processing of the component User Account Handler. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-213455.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N